From: Florian Weimer
Newsgroups: comp.lang.ada
Subject: Re: Should Ada runtime provide special primitives for cryptography?
Date: Wed, 01 Oct 2014 23:07:49 +0200
Message-ID: <87sij7cxcq.fsf@mid.deneb.enyo.de>

* Natasha Kerensikova:

> However, when actually implementing cryptographic stuff, cleverness from
> compiler and optimizer are often enemies. For example, overwriting a
> buffer with zeroes might be optimized out when the buffer is not
> accessed again.

Pragma Inspection_Point covers this.

> I believe it would not be difficult for a compiler vendor to provide, as
> part of the runtime, a zeroing procedure guaranteed to not be optimized
> away, a (generic) array comparison guaranteed to execute in a constant
> number of operations and/or branches, etc. And such subprograms would be
> difficult to write externally, and the guarantees difficult to make
> without tight compiler integration.

The compiler cannot guarantee constant-time execution, that's a
property that emerges from the combination of the object code and the
execution environment (or not).
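
An added example, not part of either post: a minimal Ada sketch of the two points in this exchange, using pragma Inspection_Point (Ada RM H.3.2) after a zeroing assignment and a comparison with no early exit. The names Crypto_Hygiene_Demo, Byte_Array, Equal_No_Early_Exit, Expected and Secret are hypothetical, and the byte values are constructed sample data.

```ada
with Ada.Text_IO;
with Interfaces; use Interfaces;

procedure Crypto_Hygiene_Demo is

   --  Hypothetical type for this example.
   type Byte_Array is array (Positive range <>) of Unsigned_8;

   --  Compare without an early exit: every byte pair is examined and the
   --  differences are OR-ed together. This fixes only the source-level
   --  operation count; actual timing still depends on the generated
   --  object code and the execution environment.
   function Equal_No_Early_Exit (Left, Right : Byte_Array) return Boolean is
      Diff : Unsigned_8 := 0;
   begin
      if Left'Length /= Right'Length then
         return False;  --  lengths are treated as public here
      end if;
      for I in 0 .. Left'Length - 1 loop
         Diff := Diff or (Left (Left'First + I) xor Right (Right'First + I));
      end loop;
      return Diff = 0;
   end Equal_No_Early_Exit;

   --  Constructed sample data.
   Expected : constant Byte_Array (1 .. 4) := (16#DE#, 16#AD#, 16#BE#, 16#EF#);
   Secret   : Byte_Array (1 .. 4) := (16#DE#, 16#AD#, 16#BE#, 16#EF#);
   Match    : Boolean;

begin
   Match := Equal_No_Early_Exit (Secret, Expected);
   Ada.Text_IO.Put_Line ("match: " & Boolean'Image (Match));

   --  Secret is not read again, so without the pragma an optimizer
   --  could treat this assignment as a dead store and drop it.
   Secret := (others => 0);

   --  The object must be inspectable at this point, which requires
   --  the zeroes to have actually been written to it.
   pragma Inspection_Point (Secret);
end Crypto_Hygiene_Demo;
```

The pragma only constrains the named object at that point in the program; copies the compiler may have placed in registers or temporaries are outside its scope.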